The other day while I was in the midst of a discussion about Linux kernel upgrades, one of the other engineers who works at Engine Yard, Scott Likens, sent me a github URL:
It turned out that this patch had hit the Passenger github repo after our last set of ebuild releases, so I started investigating.
The patch fixes a concerning issue. Consider the simplest valid HTTP request for HTTP 1.0:
`GET / HTTP/1.0`
That request line alone is a simple, trivial HTTP request. With unpatched Passenger versions, a simple request of this nature returns a surprising response:
# curl -0 -H "Host:" http://MY.URL curl: (52) Empty reply from server
The expected response would have been some sort of valid HTTP, but not only is there an empty reply from the server, which is bad enough in itself, but if you are on the server and pay attention to the list of processes, you will notice that this request causes a fault which kills the nginx worker process that was handling it. Nginx is an innocent victim in this case because it is the Passenger code that is at fault.
For a more visual example than curl provides, you could use a tool such as http://web-sniffer.net/. Do HTTP/1.0 without a Host header, and you’ll see the same thing, regardless of the content of any other headers. Add the Host header back, and it works as expected.
It appears that the bug was caused by the SERVER_NAME patch, which was part of 3.0.8, and fixed a bug so that Rack::URLMap would work correctly.
You can use either of these tools to test your own applications.
This seemed like an important bug to have fixed in our nginx+passenger ebuilds here at Engine Yard, so after confirming the bug, and the patch, I built new versions of all of our relevant ebuilds to incorporate this patch. As of the time that this blog post was published, these builds have been live in our build tree for several days. AppCloud customers, you can update your own application to use these builds simply by clicking on the Upgrade button in your application dashboard. You may do so at your convenience, and can test that the patch fixed the problem by using either
curl from the command line, or a web based tool such as the http://web-sniffer.net/ mentioned above. xCloud customers, you can request this update by filing a ticket with support.
We’d like to thank Phusion for all of their work on Passenger, and for fixing this particular bug. We look forward to the next release of Passenger, and we look forward to continuing to provide our customers with the most reliable systems that we can.